-
Notifications
You must be signed in to change notification settings - Fork 5
/
Copy pathdevportal-values.yaml
280 lines (235 loc) · 9.38 KB
/
devportal-values.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
replicaCount: 1
image:
# -- The repository for the image. By default,
# this points to the Software AG container repository.
# Change this for air-gapped installations or custom images.
# For the Software AG container repository you need to have a
# valid access token stored as registry credentials
repository: ibmwebmethods.azurecr.io/devportal
pullPolicy: IfNotPresent
# -- The image tag of the apigateway image default this will be the latest version.
# For realworld scenarios SAG recommends to use a
# specific version to not accidently change production versions with newer images.
tag: "10.15"
#tag: "11.0"
# -- Image pull secret reference. By default looks for `regcred`.
imagePullSecrets:
- name: regcred
# -- Overwrites Chart name of release name in workload name. As default, the workload name is release name + '-' + Chart name. The workload name is at the end release name + '-' + value of `nameOverride`.
nameOverride: ""
# -- Overwrites full workload name. As default, the workload name is release name + '-' + Chart name.
fullnameOverride: ""
serviceAccount:
# -- Specifies whether a service account should be created
create: true
# -- Annotations to add to the service account
annotations: {}
# -- The name of the service account to use.
# If not set and create is true, a name is generated using the fullname template
name: ""
# If not set and create is true, a name is generated using the fullname template
roleName: ""
podAnnotations: {}
podSecurityContext: {}
# fsGroup: 2000
securityContext: {}
# capabilities:
# drop:
# - ALL
# readOnlyRootFilesystem: true
# runAsNonRoot: true
# runAsUser: 1000
service:
type: ClusterIP
port: 80
ingress:
enabled: true
defaultHostname: devportal.mydomain.com
className: ""
# -- Ingress annotations
annotations:
nginx.ingress.kubernetes.io/affinity: "cookie"
nginx.ingress.kubernetes.io/app-root: /portal
traefik.ingress.kubernetes.io/app-root: /portal
traefik.ingress.kubernetes.io/affinity: "true"
kubernetes.io/ingress.class: addon-http-application-routing
hosts:
# -- Hostname of Ingress. By default the defaultHostname is used. For more complex rules or addtional hosts, you will need to overwrite this section.
- host: "api-portal.9b07ebc1eb8b44fe9e3f.westeurope.aksapp.io"
# -- Address the backend
paths:
# -- Path to address the backend
- path: /
# -- Path type to address the backend
pathType: Prefix
# -- Port of service
port: 80
# -- TLS of Ingress
tls: []
# - secretName: chart-example-tls
# hosts:
# - chart-example.local
resources:
# We usually recommend not to specify default resources and to leave this as a conscious
# choice for the user. This also increases chances charts run on environments with little
# resources, such as Minikube. If you do want to specify resources, uncomment the following
# lines, adjust them as necessary, and remove the curly braces after 'resources:'.
# limits:
# cpu: 100m
# memory: 128Mi
# requests:
# cpu: 100m
# memory: 128Mi
devportalContainer:
requests:
cpu: 1
memory: 1Gi
limits:
# use a high cpu limit to avaoid the container being throttled
cpu: 1
memory: 4Gi
autoscaling:
enabled: false
minReplicas: 1
maxReplicas: 100
targetCPUUtilizationPercentage: 80
# targetMemoryUtilizationPercentage: 80
nodeSelector: {}
tolerations: []
affinity:
podAntiAffinity:
preferredDuringSchedulingIgnoredDuringExecution:
- weight: 10
podAffinityTerm:
labelSelector:
matchExpressions:
- key: "app.kubernetes.io/instance"
operator: In
values:
- '{{ .Release.Name }}'
topologyKey: kubernetes.io/hostname
topologySpreadConstraints:
- maxSkew: 1
topologyKey: kubernetes.io/hostname
whenUnsatisfiable: DoNotSchedule
labelSelector:
matchLabels:
app.kubernetes.io/instance: '{{ .Release.Name }}'
# -- Extra Labels
extraLabels: {}
# -- Exta environment properties to be passed on to the container
extraEnvs: {}
# -- Exta volumes that should be mounted.
extraVolumes: []
# - name: extras
# emptyDir: {}
# -- Extra volume mounts
extraVolumeMounts: []
# - name: extras
# mountPath: /usr/share/extras
# readOnly: true
# -- Extra containers which should run in addition to the main container as a sidecar
extraContainers: []
# - name: do-something
# image: busybox
# command: ['do', 'something']
# -- Extra init containers that are executed before starting the main container
extraInitContainers: []
# - name: do-something
# image: busybox
# command: ['do', 'something']
# -- Extra config maps for additional configurations such as extra ports, etc.
extraConfigMaps: []
# -- lifecycle hooks to execute on preStop / postStart,...
lifecycle: {}
# preStop:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
# postStart:
# exec:
# command: ["/bin/sh", "-c", "echo Hello from the postStart handler > /usr/share/message"]
devportal:
port: 8083
# -- Deploy Elasticsearch. Depends on Elasic Search Helm Charts. See https://github.com/elastic/helm-charts/blob/main/elasticsearch
elasticSearchDeployment: true
clusterPorts:
start: 47500
end: 47509
# -- csp domains for SSO usage with external Identity providers. This should point to your identity provider domains.
# Controls the PORTAL_SERVER_CONFIG_HEADERS_CONTENT_SECURITY_POLICY environment variable for developer portal
cspDomains: "*.westeurope.aksapp.io *.stripe.com *.okta.com"
# -- Use the default anti pod affinity.
# Specifies a Pod Anti-Affinity rule for Kubernetes pods.
# The default Pod Anti-Affinity is a scheduling preference that indicates
# how Kubernetes should distribute pods across nodes to avoid having multiple
# pods of the same application or with specific labels running on the same node.
# If you want to use your on rules, refer to affinity value and provide your own configuration.
useDefaultAffinityRule: false
prometheus:
path: "/portal/rest/v1/prometheus"
port: "8083"
scheme: "http"
scrape: "true"
elasticsearch:
# -- Deploy elastic search instance
deploy: true
# -- The ECK version to be used
version: 8.2.3
# -- The image that should be used.
# By default ECK will use the official Elasticsearch images.
# Overwrite this to use an image from an internal registry or any custom images.
# Make sure that the image corresponds to the version field.
image:
# -- The elasticsearch http service name that Developer Portal uses.
# The default is compiled of the fullname (releasename + chart name) + "-http"
# You MUST override this if you use an external elastic search service and do not deploy the embedded elastic CRD from this chart.
serviceName: ""
# -- The default elasticsearch instance http communication port
port: 9200
# -- The secret name that holds the sag es user for Developer Portal.
secretName: ""
# -- Whether the communication from Developer Portal should be HTTPS
# Note: you will need to create certificate and a separate truststore for the communication.
tlsEnabled: false
# -- The secret name that holds the keystore password
keystoreSecretName: ""
# -- The name of the secret holding the tls secret
# By default the name will be fullname of release + "es-tls-secret"
certificateSecretName: "{{ include \"common.names.fullname\" .}}-es-tls-secret"
# -- Node sets. See official ElasticSearch documentation at:
# https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-orchestration.html
# if you specify node sets here the defaultNodeSet will not be used.
nodeSets: {}
# -- Default Node Set
defaultNodeSet:
# -- the number of replicas for Elastic Search
count: 1
# -- Set this to true for production workloads, this will also
# use an init container to increase the vm.max_map_count to 262144 on the nodes.
memoryMapping: false
# -- Controls whether to start an init container that increases the vm.max_map_count to 262144 on the node.
# Set memoryMapping to true and this setting also to true to run the init container.
# Note that this requires the ability to run privileged containers, which is likely not the case on many secure clusters.
setMaxMapCount: true
# -- install plugins at startup from Elasticsearch
# by default the mapper-size plugin is required. Set this to [] in order to avoid installation of any plugins and you
# are providing a custom Elasticsearch image with the required plugins.
installPlugins:
- mapper-size
# -- Extra configuration parameters for Elasticsearch nodes to be appended to the default (none).
# See https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-node-configuration.html
extraConfig: {}
# -- Extra init containers to be started before Elasticsearch nodes are started.
# See https://www.elastic.co/guide/en/cloud-on-k8s/current/k8s-init-containers-plugin-downloads.html
extraInitContainers: {}
prometheus-elasticsearch-exporter:
es:
uri: "{{ .Release.Name }}-developerportal-es-http:9200"
serviceMonitor:
enabled: true
jobLabel: "devportal"
image:
repository: quay.io/prometheuscommunity/elasticsearch-exporter
tag: v1.5.0
pullPolicy: IfNotPresent
pullSecret: ""